Duplicate crypto maps for VPN CLIENT on 2 OUTSIDE interfaces

zot

I want to configure a client VPN with a backup.
The router in question has two outside interfaces with two different ISPs.
If I configure the same crypto map on both outside interfaces, I can connect via VPN only on the interface where the first VPN connection is made.
I tried creating two different crypto maps but the problem remains....
I'm also having trouble keeping a DMVPN (with tunnel) and a client VPN up on the same outside interface..... is there something I don't know????
The router is:

System image file is "flash:c1841-advipservicesk9-mz.124-15.T1.bin"
Cisco 1841 (revision 6.0) with 354304K/38912K bytes of memory.
Processor board ID FCZ101210QY
2 FastEthernet interfaces
1 ATM interface
1 Virtual Private Network (VPN) Module
DRAM configuration is 64 bits wide with parity disabled.
191K bytes of NVRAM.
62720K bytes of ATA CompactFlash (Read/Write)

I tried both this way:

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group VPN-CLI
 key xxxxxx
 pool SUB_CLIENT_VPN
 acl 160
 save-password
 max-users 5
!
!
crypto ipsec transform-set R_W esp-3des esp-md5-hmac  
!
crypto dynamic-map REMOTE 10
 set transform-set R_W 
!
!
!
crypto map ROAD_W client authentication list vpnusers
crypto map ROAD_W isakmp authorization list vpngroup
crypto map ROAD_W client configuration address initiate
crypto map ROAD_W client configuration address respond
crypto map ROAD_W 65535 ipsec-isakmp dynamic REMOTE 
!
interface Dialer0
 crypto map ROAD_W
!
interface fastethernet0/0
 crypto map ROAD_W

and this way:

crypto isakmp policy 1
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp policy 2
 encr 3des
 authentication pre-share
 group 2
!
crypto isakmp client configuration group VPN-CLI
 key xxxx
 pool SUB_CLIENT_VPN
 acl 160
 save-password
 max-users 5
!
!
crypto ipsec transform-set R_W esp-3des esp-md5-hmac 
crypto ipsec transform-set R_WBKP esp-3des esp-md5-hmac 
!
crypto dynamic-map REMOTE 10
 set transform-set R_W 
!
crypto dynamic-map REMOTEBKP 10
 set transform-set R_WBKP 
!
!
crypto map ROAD_W client authentication list vpnusers
crypto map ROAD_W isakmp authorization list vpngroup
crypto map ROAD_W client configuration address initiate
crypto map ROAD_W client configuration address respond
crypto map ROAD_W 65535 ipsec-isakmp dynamic REMOTE 
!
crypto map ROAD_WBKP local-address Dialer0
crypto map ROAD_WBKP client authentication list vpnusers
crypto map ROAD_WBKP isakmp authorization list vpngroup
crypto map ROAD_WBKP client configuration address initiate
crypto map ROAD_WBKP client configuration address respond
crypto map ROAD_WBKP 65535 ipsec-isakmp dynamic REMOTEBKP 
!
!
interface Dialer0
 crypto map ROAD_WBKP
!
interface fastethernet0/0
 crypto map ROAD_W

but on one interface I always get this (on the other one, however, I CAN CONNECT):

.Jan 27 08:41:29.986: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:29.986: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:29.986: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:29.990: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:29.990: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:29.990: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:29.990: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:29.990: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:29.990: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:29.990: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:29.990: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:29.990: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:29.990: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:29.990: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:29.990: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:29.990: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:35.753: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:35.753: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:35.753: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:35.753: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:35.753: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:35.753: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:35.753: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:35.753: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:35.753: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:35.753: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:35.753: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:35.753: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:35.753: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:35.753: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:35.753: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:35.753: ISAKMP:(0):atts are not acceptable. Next payload is 3

The log is clear enough, but that has not helped me get the IKE phase to complete....

If there is a solution, why get angry?
If there is no solution, why get angry?


http://www.zotbox.net
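
Added example, not part of the original post: a Python script that groups ISAKMP debug lines like the ones above into negotiation attempts and counts the rejected transforms and the rejection reason for each attempt. The sample lines are a shortened, constructed excerpt in the same format; the function name `summarize` and the 2-second gap used to separate attempts are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in the format of the log posted above (shortened).
SAMPLE = """\
.Jan 27 08:41:29.986: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:29.986: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:29.990: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:29.990: ISAKMP:(0):atts are not acceptable. Next payload is 3
.Jan 27 08:41:35.753: ISAKMP:(0):Encryption algorithm offered does not match policy!
.Jan 27 08:41:35.753: ISAKMP:(0):atts are not acceptable. Next payload is 0
"""

# A leading '.' or '*' is the IOS clock-status marker in front of the timestamp.
LINE = re.compile(r"^[.*]?(\w{3} +\d+ \d\d:\d\d:\d\d\.\d{3}): ISAKMP:\(\d+\):(.*)$")
MISMATCH = re.compile(r"^(.+?) offered does not match policy!$")
REJECT = re.compile(r"^atts are not acceptable\. Next payload is (\d+)$")


def summarize(text, gap=timedelta(seconds=2)):
    """Group rejected IKE transforms into attempts separated by more than `gap`."""
    attempts, last_ts = [], None
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not an ISAKMP debug line
        ts = datetime.strptime(m.group(1), "%b %d %H:%M:%S.%f")
        msg = m.group(2).strip()
        if last_ts is None or ts - last_ts > gap:
            attempts.append({"start": m.group(1), "rejected": 0,
                             "reasons": Counter(), "offer_exhausted": False})
        last_ts = ts
        cur = attempts[-1]
        if (mm := MISMATCH.match(msg)):
            cur["reasons"][mm.group(1)] += 1  # which attribute failed to match
        elif (rj := REJECT.match(msg)):
            cur["rejected"] += 1
            # Next payload 3 = another Transform follows, 0 = none (RFC 2408).
            cur["offer_exhausted"] = rj.group(1) == "0"
    return attempts


if __name__ == "__main__":
    for a in summarize(SAMPLE):
        print(a["start"], "rejected:", a["rejected"],
              dict(a["reasons"]), "offer exhausted:", a["offer_exhausted"])
```
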
zot

I've read about quite a few people who have trouble configuring L2L or DMVPN, whichever it is, together with a client VPN on the same router...... does anyone know anything???????